Omniauth::Strategies::CentralLogin

An article, posted 5 days ago filed in devise, gem, authentication, openid, oauth, CentralLogin & login.

I just pushed omniauth-central_login to rubygems.org, to make it easy to integrate CentralLogin with other ruby apps. It is a companion gem to CentralLogin, a batteries included open source OAuth2 Provider based on Rails, Doorkeeper & Devise, with simple user managment tools.

Installation

Add this line to your application's Gemfile:

ruby gem 'omniauth-central_login'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install omniauth-central_login

Usage

Configuring Omniauth:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :central_login, ENV['CENTRAL_LOGIN_CLIENT_ID'], ENV['CENTRAL_LOGIN_CLIENT_SECRET'], {
    scope: "openid email profile",
    client_options: {
      site: ENV['CENTRAL_LOGIN_URL']
    }
  }
end

Configuration for Devise (using omniauthable):

co...

Continue reading...

Tag descriptor

CentralLogin

A simple OAuth provider. See below for more information, or check out the source of CentralLogin on GitLab. To integrate it with your ruby-apps, use the omniauth-central_login gem.

Continue reading...

Introducing CentralLogin, an OpenID Connect Provider

An article, posted 6 days ago filed in ruby, CentralLogin, gem, rubygem, murb, authorization, authentication, roles, groups, resources, open source, mit & oauth.

This app builds on the foundations of the Doorkeeper, Doorkeeper::OpenidConnect and Devise to provide a central login system.

While Doorkeeper supports other OAuth flows, CentralLogin focusses on OpenID Connect as it is a more complete, and hence useful standard, for most use cases where you want to support authentication & authorization.

This project builds on years of juggling with different authentication providers and implementations. It may cut corners to be a pragmatic and less flexible solution which you can host on your own. You don't have to tie your users to a closed authentication system such as Auth0, Azure Directory, Cognito (the horror, really, stay away from it) or something else. In the past I've been a happy user of Keycloak, which is definitely way more advanced than this project, but it in the end it is a Java application and hence harder for me to maintain and not focussed on what I think are the core requirements :)

So, are you in the market for: - an …

Continue reading...

Phoenix’ Channels

An article, posted almost 5 years ago filed in coherence, elixer, erlang, vm, authentication, Phoenix, framework, fast, messaging, rails, ActionCable & websockets.

I started exploring Phoenix for one thing only: Channels (or actually fast real time communication over websockets). In this post I explore how to use them (yes this is a follow up of My first Phoenix-app-post).

Preparing for the authentication problem

Websockets don’t pass session cookies. Because we don't have access to these we need to transfer the user's identity in a different way. One of the recommendations I found was passing a user_token using a ``-tag (adjusting templates/layout/app.html.eex):

We can access this with a simple query selector in javascript:

document.querySelector("meta[name=user_token]").content

But that’s for later. Let’s move to the server side, since we need something to connect to, a Socket.

Socket

In our default project there is alrea…

Continue reading...

My first Phoenix app

An article, posted almost 5 years ago filed in coherence, elixer, erlang, vm, authentication, Phoenix, framework, fast, messaging & rails.

Some time ago I actually initiated my very first Phoenix app, but was a bit disappointed by the lack of a rich box of gems (like that of ruby's) and/or I didn't have the time to invest heavily in researching all the possibilities. One of my new year resolution was to actively pursue more knowledge, hence I'm giving it a second shot.

Why Phoenix?

I'm a full-stack Rails developer, but I needed real time messaging. That is not something Rails is typically good at (although it works), but Elixir (with its Erlang base) is well known for, even in the ruby community. Phoenix wraps Elixir in a nice Rails-like package ready for web and API development.

Requirements

  • Authentication
  • Broadcasting filtered messages based on tags
  • Writing messages

Preparation

  1. Install Elixir (macOS & homebrew: brew install elixir) and make sure you have [node.js](https://nodejs.or…

Continue reading...

ActionCable and authentication with Devise (2/2)

An article, posted about 5 years ago filed in authentication, ActionCable, devise, rails, ruby on rails, ruby, websockets & communication.

This is a short follow up on the previous article in which the ActionCable basics were explained. We can now add some level of authentication. Authentication is a bit harder than simply registering some before_action’s, but it is perfectly doable, especially if you've survived the previous tutorial.

From the official Action Cable guide we can simply reuse the full connection.rb template:

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user
 
    def connect
      self.current_user = find_verified_user
    end
 
    protected
      def find_verified_user
        if current_user = User.find_by(id: cookies.signed[:user_id])
          current_...

Continue reading...

murb blog